Voltry evidence bundle — THE contract. Typed models, RFC 8785 canonical serialization, ECDSA P-384 sign/verify, generated JSON Schema.
Project description
voltry-evidence-schema
The Voltry evidence bundle: the signed contract behind every Voltry Probe scan and certificate.
Note the naming: the PyPI distribution is voltry-evidence-schema, the Python
package you import is evidence_schema.
pip install voltry-evidence-schema
import evidence_schema
What it provides
- Typed pydantic v2 models (
EvidenceBundleand its blocks). Measured facts and modeled estimates are distinct types by construction; there is no single score anywhere in the schema, and no price field exists. - One canonical serializer: RFC 8785 (JCS) over the bundle minus its signature. This is the only path to signable bytes.
- ECDSA P-384 (secp384r1) with SHA-384 sign and verify over those canonical bytes.
- A generated JSON Schema for cross-language consumers.
Quick start
import json
from evidence_schema import EvidenceBundle, verify_bundle
bundle = EvidenceBundle.model_validate(json.load(open("bundle.json")))
print(verify_bundle(bundle)) # True only if the signature covers these exact bytes
Command line:
# Round-trip demo: build, canonicalize, sign, verify, tamper, verify fails
python -m evidence_schema.demo
# Emit the JSON Schema for non-Python consumers
evidence-schema-jsonschema -o evidence_bundle.schema.json
Stability
The schema is versioned semantically and the 1.x line is frozen wide: a bundle captured today remains valid and replayable indefinitely. Additive fields are minor versions; anything breaking is a major version with a migration path. Canonical bytes are covered by golden-vector tests on every supported Python version (3.10 through 3.13).
License
Apache-2.0.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file voltry_evidence_schema-1.1.0.tar.gz.
File metadata
- Download URL: voltry_evidence_schema-1.1.0.tar.gz
- Upload date:
- Size: 41.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8fdb2677bae439abc2d2e53c4d8e3ee4d40e789be1b52cf1d8fbdd86069447af
|
|
| MD5 |
19792d8a90c05c452f05cbd200028f3c
|
|
| BLAKE2b-256 |
df5b697e41375abdb8c79c64c5161efcf39e53f08a79927c54c4aa8f1b1eade1
|
Provenance
The following attestation bundles were made for voltry_evidence_schema-1.1.0.tar.gz:
Publisher:
release.yml on Voltry-tech/core
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
voltry_evidence_schema-1.1.0.tar.gz -
Subject digest:
8fdb2677bae439abc2d2e53c4d8e3ee4d40e789be1b52cf1d8fbdd86069447af - Sigstore transparency entry: 2072318055
- Sigstore integration time:
-
Permalink:
Voltry-tech/core@5947219072247522fba817cbc99fadfebfd83d8a -
Branch / Tag:
refs/tags/voltry-evidence-schema-v1.1.0 - Owner: https://github.com/Voltry-tech
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@5947219072247522fba817cbc99fadfebfd83d8a -
Trigger Event:
push
-
Statement type:
File details
Details for the file voltry_evidence_schema-1.1.0-py3-none-any.whl.
File metadata
- Download URL: voltry_evidence_schema-1.1.0-py3-none-any.whl
- Upload date:
- Size: 28.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
46619e7726b96956a0f385b90694eeb8adbd0de3cc5939fd6f2171078e9f6e09
|
|
| MD5 |
ded618c71022823bc43c14b38d25e972
|
|
| BLAKE2b-256 |
e2c6328a9196b94fe945de2598b55b139eeb97f9249d7c72fe2e3830fa7eef67
|
Provenance
The following attestation bundles were made for voltry_evidence_schema-1.1.0-py3-none-any.whl:
Publisher:
release.yml on Voltry-tech/core
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
voltry_evidence_schema-1.1.0-py3-none-any.whl -
Subject digest:
46619e7726b96956a0f385b90694eeb8adbd0de3cc5939fd6f2171078e9f6e09 - Sigstore transparency entry: 2072318077
- Sigstore integration time:
-
Permalink:
Voltry-tech/core@5947219072247522fba817cbc99fadfebfd83d8a -
Branch / Tag:
refs/tags/voltry-evidence-schema-v1.1.0 - Owner: https://github.com/Voltry-tech
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@5947219072247522fba817cbc99fadfebfd83d8a -
Trigger Event:
push
-
Statement type: